A group of US senators have come together to introduce bipartisan legislation that will boost electric grid security by incentivizing electric utilities to make investments in cybersecurity. The bill also establishes a Department of Energy (DOE) grant and technical assistance program for the deployment of advanced cybersecurity technology for utilities that are not regulated by the Federal Energy Regulatory Commission (FERC).
The bill titled, S. 1400, ‘Protecting Resources On The Electric grid with Cybersecurity Technology’ (PROTECT) Act, was reintroduced by Senator Lisa Murkowski, a Republican from Alaska, along with Senators Joe Manchin, a Democrat from West Virginia, James Risch, a Republican from Idaho, Angus King, an Independent from Maine, and Jacky Rosen, a Democrat from Nevada.
The bill directs that in less than six months after the date of enactment, the Commission shall work in consultation with the Secretary of Energy, the North American Electric Reliability Corporation (NERC), electricity sub-sector coordinating council, and the National Association of Regulatory Utility Commissioners (NARUC) to conduct a study that identifies incentive-based and performance-based rate treatments for the transmission and sale of electric energy subject to the jurisdiction of the Commission that could be used to encourage investment by public utilities in advanced cybersecurity technology, and participation by public utilities in cybersecurity threat information sharing programs.
The bill directs FERC to issue rule-making on rate incentives for advanced electric grid security technology. This will enable and incentivize utilities to invest in new technologies that improve their cybersecurity defenses. It also establishes a grant and technical assistance program at DOE to deploy advanced cybersecurity technology on the electric systems of utilities that are not regulated by FERC. Such exceptions would include cooperatives and municipal utilities, as well as small investor-owned utilities that sell less than 4 million megawatt-hours of electricity per year.
“The federal government and industry have a shared responsibility to enhance the cybersecurity posture of electric utilities, municipal utilities, and electric utility systems owned by electric cooperatives to protect our electric grid from cyber threats.” said Senator Murkowski in a press statement. “The PROTECT Act will help ensure utilities across America, including municipal utilities and electric cooperatives, are able to continue investing in advanced, cutting-edge cybersecurity technologies, while also strengthening the partnership between private industry and the federal government.”
“The reliability and resilience of our electric grid goes hand-in-hand with the economic and national security of the United States, so it’s critical that we’re two steps ahead in planning for unexpected events and threats,” said Senator Manchin, chairman of the Senate Energy and Natural Resources Committee. “The PROTECT Act would create incentives for utilities to enhance their cybersecurity efforts and increase their resilience to attacks.”
Senator King has repeatedly stressed the importance of improving protections for the nation’s electric grid security. Earlier this year, he and Senator Risch led a bipartisan letter voicing support for the Office of Cybersecurity, Energy Security, and Emergency Response (CESER) and urging the Department of Energy to maintain CESER’s current leadership structure.
Senators King and Risch also authored the Securing Energy Infrastructure Act, which was passed as part of the FY2020 National Defense Authorization Act, and established partnerships to utilize engineering concepts to remove vulnerabilities that could allow hackers to access the electric grid through holes in digital software systems.
The nation’s electric grid security and infrastructure also recently got a major boost from the Biden administration as it decided on new steps to protect electrical operators from increasing cyber threats.
About a fortnight back, the U.S. government announced a 100-day plan that will modernize critical electric infrastructure using cybersecurity defenses with aggressive milestones, and assist owners and operators to deliver better detection, mitigation, and forensic capabilities. The plan will help meet cybersecurity threats faced by the nation’s electric system, apart from seeking feedback from stakeholders on protecting the critical electric infrastructure.
In recent weeks, a number of bills have been introduced in the U.S. Senate, to enhance the nation’s cybersecurity shields, as it bolsters its critical infrastructure sector. One bill aims to create a ‘response and recovery’ fund to help public and private entities respond to and recover from cyberattacks. The other bill intends to help ensure that the Department of Homeland Security (DHS) is identifying and addressing risks to critical infrastructure.